So what\u2019s firewall as a service?\nFirewall as a service, or FWaaS, relies on technology in the cloud. A user or application connects to the FWaaS via the internet, and the service applies domain rules, URL filtering, and other security that physical firewall appliances use. The idea is to replace the multitude of hardware firewalls you\u2019d need to secure all of your business\u2019 traffic from all of its different operational sites with secure internet connections to the service.\nWhat\u2019s wrong with firewall appliances?\nPossibly nothing. Physical firewalls are still quite popular, particularly for businesses without a lot of different locations and without a lot of remote workers. They even have some advantages over FWaaS, like different cost profiles. On-prem firewalls are a capex expenditure up-front but tend to be cheaper over time. They also have lower latency.\nWhy is FWaaS more prominent now?\nThe pandemic and its attendant spike in remote working made things tough on businesses that needed their employees\u2019 connections to be protected at all times. FWaaS can protect connections coming from anywhere, from a branch office or even a remote worker\u2019s study. Gartner estimates that FWaaS will go from a $251 million industry to about $2.6 billion by 2025, assuming that current remote-working trends continue. That would give FWaaS a 21% share of the roughly $12 billion firewall market in less than five years. Most of the fastest growth has been in North America and Europe.\nHow is it deployed?\nIt\u2019s considerably easier than deploying a substantial number of hardware appliances across numerous branch offices, but it\u2019s not the simplest thing in the world, either, according to Adam Hils, a senior research director at Gartner.\n\u201c[Organizations must] get some kind of understanding of what kind of access they need at each branch and configure the firewall,\u201d he said. \u201cThis can involve multiple configurations, but, again, it\u2019s not nearly as complex as plopping a thousand physical firewalls down in a network and having to configure those.\u201d\nHow does FWaaS work, exactly?\nIt\u2019s conceptually quite simple: It does precisely the same things an on-prem firewall does, it just does them remotely, either from a physical point of presence in a data center somewhere or in the cloud. The precise location of where the firewall workload happens varies by vendor.\nIt\u2019s also worth noting that FWaaS is often either bundled with SD-WAN by networking vendors or simply used in tandem with another SD-WAN offering. It becomes another connection the SD-WAN manages and provides centrally managed firewall protection.\nAre cloud firewalls and FWaaS the same thing?\nCloud firewall is a marketing term, and, according to IDC research manager Chris Rodriguez, isn\u2019t a particularly helpful one. \u201cI\u2019d caution against cloud firewall because it\u2019s confusing. Is it a firewall in the cloud or a firewall that\u2019s defending a cloud network?\u201d he said. So the short answer is cloud firewall and FWaaS are not necessarily the same thing.\nWhat are the downsides of FWaaS?\nFrom an opex point of view, FWaaS can be pricey, and it doesn\u2019t get cheaper over time like a group of physical firewalls would. For another, there\u2019s the issue of small transmission delays as the traffic gets filtered through the FWaaS.\n\u201cThere can be some latency because you have to send user traffic through that cloud and to wherever it\u2019s bound for,\u201d said Hils. If, for example, a FWaaS provider\u2019s nearest point of presence is down, round-trip times for the connections that were using that point would get substantially longer.